MBR wird laufend überschrieben (Win7-64)

noreturn · 24.01.2011, 21:16

Hallo,

seit einigen Wochen habe ich das Problem, dass mein MBR laufend überschrieben wird.
Ich habe den Bootmanager Plop hxxp://www.plop.at/ installiert und nach der Manipulation des MBR startet der Bootmanager nicht mehr. Der MBR wird nicht komplett überschrieben, sonst würde der neue ja funktionieren. Wenn ich den Bootmanager wieder neu installiere, dann funktioniert alles wieder.
Daher glaube ich, dass sich irgendein Rootkit installieren will; es aber auf Grund des anderen Bootmanagers nicht schafft.

Bei der Suche nach dem Problem bin ich auf dieses Forum gestoßen und habe die beschriebenen Tools schon angewendet.

Anti-Malware hat folgendes gefunden:

Code:

ATTFilter

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Diese beiden Einträge hat Anti-Malware gelöscht und seither nichts mehr gerunden. Der MBR wird aber weiterhin überschrieben...

Hier das aktuelle Anti-Malware log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5578

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.01.2011 20:09:57
mbam-log-2011-01-24 (20-09-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 170855
Laufzeit: 1 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.01.2011 20:53:45 - Run 1
OTL by OldTimer - Version 3.2.20.5     Folder = D:\Software\Rootkit
64bit- Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 54,81 Gb Free Space | 56,18% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 80,54 Gb Free Space | 54,98% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 78,75 Gb Free Space | 63,53% Space Free | Partition Type: NTFS
 
Computer Name: BAREBONE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Software\Rootkit\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH)
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Users\***\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\A-Trust GmbH\a.sign Client\acLauncher.exe (A-Trust GmbH)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe (Mindjet)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Software\Rootkit\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\A94A.tmp (Sophos Plc)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\sysWOW64\drivers\npf_devolo.sys (CACE Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757%3Au7sdf2-9qzh&ie=ISO-8859-1&q=&sa=Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 47 64 62 E3 95 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933
FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.78.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.12 20:14:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.15 10:41:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.12 20:12:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.08.10 20:11:25 | 000,000,000 | ---D | M]
 
[2010.01.09 21:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.01.09 21:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.09.03 07:49:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009.10.28 20:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\MediaCoder
[2009.10.28 20:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX
[2009.10.28 20:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
[2011.01.24 20:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions
[2010.09.25 08:53:19 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.03.30 19:24:47 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010.12.23 20:30:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.17 21:38:20 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2010.10.01 07:43:34 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\foxmarks@kei.com
[2010.11.25 19:52:29 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\ietab@ip.cn
[2010.11.30 21:02:01 | 000,000,000 | ---D | M] (OptimizeGoogle) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\optimizegoogle@optimizegoogle.com
[2010.07.30 19:55:54 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\YoutubeDownloader@PeterOlayev.com
[2011.01.15 10:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.01.15 10:41:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.24 20:07:24 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\***\PROGRAM FILES (X86)\DNA
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.10 20:10:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [acSecurityLayer] C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\***\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.23 14:07:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.01.23 14:07:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.01.23 14:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.01.23 14:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.23 14:07:25 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.01.23 14:07:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.01.19 21:15:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Auslogics
[2011.01.19 21:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Auslogics
[2011.01.19 21:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011.01.15 20:38:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.15 10:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Google Earth
[2011.01.15 10:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.01.15 10:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.01.15 10:41:26 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.01.15 10:41:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.01.15 10:41:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.01.15 10:41:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.01.12 21:20:19 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.01.12 21:20:19 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.01.12 21:20:19 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.01.12 21:20:19 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.01.12 21:20:19 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.01.12 21:20:19 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.01.12 21:20:18 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.01.12 21:20:18 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.01.12 21:20:18 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.01.12 21:20:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.01.12 21:20:18 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.01.12 21:20:17 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.01.12 21:20:17 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.01.12 21:20:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.01.12 21:20:17 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.01.12 21:20:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.01.12 21:20:17 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.01.12 21:20:17 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.01.12 21:20:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.01.12 21:20:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.01.12 21:20:17 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.01.12 21:20:16 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.12 21:20:16 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.01.12 21:20:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.01.12 21:20:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.01.12 21:20:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.01.12 21:20:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.01.12 21:20:02 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.12 21:20:02 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.04 21:21:13 | 000,000,000 | ---D | C] -- C:\Users\***\user
[2011.01.04 21:06:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Code Composer Studio
[2011.01.04 21:06:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macrovision
[2011.01.04 21:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2011.01.04 21:05:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\.TI
[2011.01.04 21:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Texas Instruments
[2011.01.04 21:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011.01.04 20:59:57 | 000,000,000 | ---D | C] -- C:\Users\***\workspace
[2011.01.04 20:57:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2010.12.31 13:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnkhSVN 2
[2010.12.31 07:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.12.31 07:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\FileZilla FTP Client
[2010.12.31 07:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010.12.30 21:30:57 | 000,114,176 | ---- | C] (Microsoft) -- C:\Users\***\Desktop\DiagnosticAuthorizationTool.exe
[2010.12.26 07:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HomePlugConfigWizard
[2010.12.26 07:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\HomePlug
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.24 20:42:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3517675290-343808843-2993044393-1001UA.job
[2011.01.24 20:39:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.24 20:15:00 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 20:15:00 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 20:07:23 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.24 20:07:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.24 20:07:01 | 3168,616,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.23 20:08:33 | 001,620,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.23 20:08:33 | 000,699,034 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.23 20:08:33 | 000,654,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.23 20:08:33 | 000,149,230 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.23 20:08:33 | 000,122,184 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.23 14:07:28 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.21 09:42:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3517675290-343808843-2993044393-1001Core.job
[2011.01.19 21:15:31 | 000,001,214 | ---- | M] () -- C:\Users\***\Desktop\Auslogics Disk Defrag.lnk
[2011.01.19 21:12:19 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.01.19 21:03:44 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\FreeFileSync.lnk
[2011.01.18 20:29:48 | 000,591,202 | ---- | M] () -- C:\Users\***\Desktop\Designing Software Quality.pdf
[2011.01.16 11:56:19 | 000,000,036 | ---- | M] () -- C:\Users\***\.org.eclipse.epp.usagedata.recording.userId
[2011.01.15 11:12:26 | 000,005,952 | ---- | M] () -- C:\Users\***\Desktop\bergfextour_talkenschrein-neunkirchner-huette.kml
[2011.01.15 10:15:46 | 000,002,420 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2011.01.10 08:04:16 | 000,004,246 | ---- | M] () -- C:\Users\***\Desktop\Storno Funimation - Verknüpfung.lnk
[2011.01.06 22:32:19 | 000,109,056 | ---- | M] () -- C:\Users\***\Desktop\StateMachine.vsd
[2011.01.04 21:03:15 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\Code Composer Studio v5.lnk
[2011.01.04 20:45:37 | 000,000,010 | ---- | M] () -- C:\Users\***\AppData\Roaming\hhxprot5
[2011.01.04 20:45:27 | 000,002,044 | ---- | M] () -- C:\Users\***\Desktop\10sec-Haushaltsbuch.lnk
[2010.12.31 13:40:10 | 000,001,038 | ---- | M] () -- C:\Users\***\Desktop\Lola - Das Kuckucksei.MP4 - Verknüpfung.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.23 14:07:28 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.19 21:15:31 | 000,001,214 | ---- | C] () -- C:\Users\***\Desktop\Auslogics Disk Defrag.lnk
[2011.01.18 20:29:44 | 000,591,202 | ---- | C] () -- C:\Users\***\Desktop\Designing Software Quality.pdf
[2011.01.16 11:56:19 | 000,000,036 | ---- | C] () -- C:\Users\***\.org.eclipse.epp.usagedata.recording.userId
[2011.01.15 11:12:25 | 000,005,952 | ---- | C] () -- C:\Users\***\Desktop\bergfextour_talkenschrein-neunkirchner-huette.kml
[2011.01.10 08:04:16 | 000,004,246 | ---- | C] () -- C:\Users\***\Desktop\Storno Funimation - Verknüpfung.lnk
[2011.01.06 22:32:19 | 000,109,056 | ---- | C] () -- C:\Users\***\Desktop\StateMachine.vsd
[2011.01.04 21:03:15 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\Code Composer Studio v5.lnk
[2011.01.04 20:45:37 | 000,000,010 | ---- | C] () -- C:\Users\***\AppData\Roaming\hhxprot5
[2010.12.31 13:40:10 | 000,001,038 | ---- | C] () -- C:\Users\***\Desktop\Lola - Das Kuckucksei.MP4 - Verknüpfung.lnk
[2010.11.04 22:00:39 | 000,000,016 | ---- | C] () -- C:\ProgramData\.7486160831680234
[2010.10.24 12:18:35 | 000,037,412 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.09.27 12:09:39 | 000,000,053 | ---- | C] () -- C:\Windows\fcad5lt.ini
[2010.09.27 11:28:30 | 000,000,015 | ---- | C] () -- C:\Windows\DME32.INI
[2010.08.18 19:11:36 | 000,007,652 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.07.20 21:13:58 | 000,001,572 | ---- | C] () -- C:\Users\***\AppData\Roaming\MyMicroBalanceConfig.ini
[2010.04.02 18:37:46 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.04.02 18:37:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.04.02 18:37:42 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.02.21 20:43:29 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.20 21:04:07 | 000,000,479 | ---- | C] () -- C:\ProgramData\qcadrc
[2010.01.29 21:10:49 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.01.22 20:22:16 | 001,641,894 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.15 20:47:28 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.12.15 01:42:44 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009.12.15 01:42:44 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009.12.12 12:06:10 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2009.10.31 21:13:26 | 000,000,546 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2009.09.18 19:11:33 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2009.09.18 19:11:33 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2009.09.15 20:09:45 | 000,000,010 | ---- | C] () -- C:\Users\***\AppData\Roaming\hhxprot4
[2009.09.01 19:53:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.29 20:00:00 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2009.08.29 19:31:23 | 003,297,280 | ---- | C] () -- C:\Users\***\AppData\Local\filesync.metadata
[2009.07.24 14:04:54 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.01.25 22:10:48 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
 
========== LOP Check ==========
 
[2011.01.10 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\10-Sekunden-Haushaltsbuch
[2010.06.21 20:28:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\A-Trust GmbH
[2010.01.21 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2011.01.19 21:15:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2010.01.15 20:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broad Intelligence
[2010.01.29 21:13:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.09.27 11:31:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CASta-C
[2010.08.30 20:50:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DirektFotoSystem3
[2011.01.24 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DNA
[2010.04.25 09:06:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.31 09:27:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2009.10.02 15:06:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flash Undelete Software
[2009.08.29 19:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.08.10 20:11:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.04.04 19:56:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFileSync
[2010.10.18 20:49:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JetBrains
[2010.10.18 13:55:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JOSM
[2011.01.21 20:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.12.13 21:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KOSTAL Solar Electric GmbH
[2011.01.04 20:28:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.10.23 12:55:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2010.12.28 20:47:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2010.03.27 21:00:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Participatory Culture Foundation
[2010.10.23 05:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.04.02 18:04:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCF-VLC
[2010.12.11 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pieps
[2010.11.16 08:31:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pieps_GMBH
[2010.06.21 20:45:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SignaturUmgebung
[2010.10.28 08:09:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2010.12.12 20:30:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.11.10 16:42:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Termite
[2010.01.09 21:38:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2009.09.03 07:49:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2010.05.27 19:27:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\tradesignal
[2011.01.17 20:20:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 24.01.2011 20:53:45 - Run 1
OTL by OldTimer - Version 3.2.20.5     Folder = D:\Software\Rootkit
64bit- Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 54,81 Gb Free Space | 56,18% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 80,54 Gb Free Space | 54,98% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 78,75 Gb Free Space | 63,53% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.ini[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.txt[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.ini [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.txt [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU 
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3E061CBA-1DBB-45DD-8873-D100072ADCAD}" = Microsoft LifeCam
"{4A851AAB-F47D-4C1E-813C-A21A87E80589}" = Foxit PDF IFilter
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{76B91A94-33F6-4E92-88DF-3325427F4F47}" = Oracle VM VirtualBox 4.0.0
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU 
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0054-0407-1000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD430C50-784F-32CD-87E7-A8C47EE6107F}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"287456DB90C1DA963CF09266912A2F7FFEF599C5" = Windows-Treiberpaket - Texas Instruments, Inc (umpusbvista) Ports  (10/20/2009 6.5.9017.0)
"B89452C8A2A1FCF2E1BCF0ECA27FB6019CFA00CF" = Windows-Treiberpaket - Texas Instruments (usbser) Ports  (12/11/2007 1.3)
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HardlinkShellExt" = Link Shell Extension
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Premium 2010
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1A772F15-B3FE-381A-BD29-82A78096B720}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4418
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BA62480-D267-436C-B62F-12A54EEE055D}" = Mindjet MindManager Pro 7
"{3175553C-88D5-453B-93CB-4012A827533A}" = Microsoft StyleCop 4.3.3.0
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5E81B080-4629-4EC3-AA90-538394122120}" = MSVC80_Runtime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6742BE3D-1A59-3BFD-BA20-2FDA866099B8}" = Microsoft Visual Studio 2010 Premium - ENU
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6BCCC651-1638-4D86-B6AF-F8B7BB0C9141}" = Windows Installer XML Toolset 3.5
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7270D01E-6AFF-4E45-9A05-1152BCFE3FB2}" = AnkhSVN 2.1.10019.14
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B82827EC-C335-4986-9C89-A2A6FA8344F0}" = Microsoft Pex 2010 (x86) 0.90.50303.0
"{B99459D2-B91A-417E-9DFA-F53D569F4445}_is1" = H.264 Encoder 1.5
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C7E08583-EE96-44EC-8FE4-32FFA69965CF}" = JetBrains ReSharper 5.1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"10-Sekunden-Haushaltsbuch 4" = 10-Sekunden-Haushaltsbuch 4 4.07 
"10-Sekunden-Haushaltsbuch 5" = 10-Sekunden-Haushaltsbuch 5 5.08 
"4F9A85D9-5F0E-E538-D71C-621DF59F81FA" = Debug Server
"a.sign Bürgerkartensoftware" = a.sign Bürgerkartensoftware 1.3.0.7
"a.sign Client" = a.sign Client 1.2.7.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.7
"asignPDFverify" = asignPDFverify 1.0.5.0
"BadCopy Pro" = BadCopy Pro
"Code Composer Studio v5.0.1" = Code Composer Studio v5.0.1
"CollabNet Automatic Update" = CollabNet Automatic Update 1.2
"CollabNet Subversion Client" = CollabNet Subversion Client 1.6.13
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"DivX Setup.divx.com" = DivX-Setup
"dlanconftiny" = HomePlug-Konfigurationsassistent
"FileZilla Client" = FileZilla Client 3.3.5.1
"Foxit Reader" = Foxit Reader
"Free Studio_is1" = Free Studio version 4.6
"Free Video Dub_is1" = Free Video Dub version 1.8
"FreeFileSync" = FreeFileSync v3.13
"FreePortScanner_is1" = FreePortScanner 2.8.2
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.13
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Studio 2010 Premium - ENU" = Microsoft Visual Studio 2010 Premium - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Notepad++" = Notepad++
"PIKO Master Control V2.0_is1" = PIKO Master Control V2.0 v1.0.4.0
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZetaResourceEditor" = Zeta Resource Editor 2.1.0.76 (nur entfernen)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.12.2010 11:18:55 | Computer Name = *** | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF36 Description:Cannot upgrade Microsoft Security Essentials..
 The language of this upgrade package is different than the language used in your
 original Security Essentials installation. Error code:0x8004FF36.
 
Error - 19.12.2010 11:20:57 | Computer Name = *** | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF36 Description:Cannot upgrade Microsoft Security Essentials..
 The language of this upgrade package is different than the language used in your
 original Security Essentials installation. Error code:0x8004FF36.
 
Error - 19.12.2010 11:21:05 | Computer Name = *** | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF36 Description:Cannot upgrade Microsoft Security Essentials..
 The language of this upgrade package is different than the language used in your
 original Security Essentials installation. Error code:0x8004FF36.
 
Error - 19.12.2010 15:04:17 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0x2f8  Startzeit der fehlerhaften Anwendung: 0x01cb9fad1236740d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 c6c7f441-0ba2-11e0-949b-002354381eed
 
Error - 20.12.2010 16:04:55 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0x104c  Startzeit der fehlerhaften Anwendung: 0x01cba080db8f411f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 693baeae-0c74-11e0-8db0-002354381eed
 
Error - 22.12.2010 09:30:36 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\direktfotosystem3\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\direktfotosystem3\DelZip179.dll" in Zeile 8.  Der Wert "*"
 des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.12.2010 11:33:11 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0x9d8  Startzeit der fehlerhaften Anwendung: 0x01cba2b574fa2b98  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 f2f424ce-0ea9-11e0-ae6b-002354381eed
 
Error - 26.12.2010 04:06:38 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0x33c  Startzeit der fehlerhaften Anwendung: 0x01cba4cae3d8aec8  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 0ffa8281-10c7-11e0-9470-002354381eed
 
Error - 26.12.2010 15:34:52 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0xcc  Startzeit der fehlerhaften Anwendung: 0x01cba52f904c71b0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 3573d3de-1127-11e0-bd94-002354381eed
 
Error - 27.12.2010 15:07:38 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0xc18  Startzeit der fehlerhaften Anwendung: 0x01cba5f786eeb484  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 91ec6165-11ec-11e0-8d1e-002354381eed
 
[ Cisco AnyConnect VPN Client Events ]
Error - 22.01.2011 10:53:54 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 22.01.2011 10:53:54 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 23.01.2011 08:32:06 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 23.01.2011 08:32:06 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 23.01.2011 09:23:09 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 23.01.2011 09:23:09 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 23.01.2011 14:48:26 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 23.01.2011 14:48:26 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 24.01.2011 15:07:13 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 24.01.2011 15:07:13 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
[ System Events ]
Error - 18.01.2011 13:42:03 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 18.01.2011 15:06:51 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 19.01.2011 09:18:41 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 19.01.2011 15:11:35 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 19.01.2011 17:26:21 | Computer Name = *** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 21.01.2011 04:31:22 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 22.01.2011 11:34:55 | Computer Name = *** | Source = SCardSvr | ID = 610
Description = 
 
Error - 23.01.2011 08:32:24 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 23.01.2011 14:48:32 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 24.01.2011 15:07:30 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
< End of report >

--- --- ---

Ich weiß leider nicht mehr wie ich dieses Problem in den Griff kriegen kann. Vielleicht kann mir jemand aus dem Board einen Tipp geben.

Vielen Dank,

cosinus · 24.01.2011, 23:07

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.

noreturn · 26.01.2011, 20:47

Hallo,

ja, es gibt noch ein Log vor dem Entfernen der Registry Entries.

cosinus · 26.01.2011, 20:50

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

noreturn · 26.01.2011, 21:29

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-01-25.05 - *** 26.01.2011  21:17:06.1.2 - x64
Microsoft Windows 7 Enterprise   6.1.7600.0.1252.43.1031.18.4029.2566 [GMT 1:00]
ausgeführt von:: d:\software\Rootkit\cofi.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-12-26 bis 2011-01-26  ))))))))))))))))))))))))))))))
.

2011-01-26 20:20 . 2011-01-26 20:20	--------	d-----w-	c:\users\***\AppData\Local\temp
2011-01-26 20:20 . 2011-01-26 20:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-01-26 09:24 . 2011-01-13 10:20	7844688	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA4309ED-12B4-42CA-8F4A-2B147DAC1602}\mpengine.dll
2011-01-25 08:29 . 2011-01-25 08:29	--------	d-----w-	c:\users\***\.Geopublisher
2011-01-25 08:29 . 2011-01-25 08:29	--------	d-----w-	c:\users\***\.AtlasViewer
2011-01-25 08:29 . 2011-01-25 08:29	--------	d-----w-	c:\users\***\.AtlasStyler
2011-01-24 21:03 . 2009-03-09 14:27	5425496	----a-w-	c:\windows\system32\D3DX9_41.dll
2011-01-24 21:03 . 2009-03-09 14:27	4178264	----a-w-	c:\windows\SysWow64\D3DX9_41.dll
2011-01-24 21:02 . 2011-01-24 21:02	--------	d-----w-	c:\program files\Microsoft Mathematics
2011-01-23 13:07 . 2011-01-23 13:07	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2011-01-23 13:07 . 2011-01-23 13:07	--------	d-----w-	c:\programdata\Malwarebytes
2011-01-23 13:07 . 2010-12-20 17:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-23 13:07 . 2011-01-23 13:07	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-23 13:07 . 2010-12-20 17:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-19 20:15 . 2011-01-19 20:15	--------	d-----w-	c:\users\***\AppData\Roaming\Auslogics
2011-01-19 20:15 . 2011-01-19 20:15	--------	d-----w-	c:\program files (x86)\Auslogics
2011-01-15 09:41 . 2011-01-15 09:41	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-01-15 09:41 . 2010-11-12 17:53	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-01-15 09:41 . 2010-11-12 17:53	472808	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-04 20:21 . 2011-01-04 20:21	--------	d-----w-	c:\users\***\user
2011-01-04 20:06 . 2011-01-23 19:40	--------	d-----w-	c:\users\***\AppData\Local\Code Composer Studio
2011-01-04 20:06 . 2011-01-04 20:06	--------	d-----w-	c:\users\***\AppData\Roaming\Macrovision
2011-01-04 20:06 . 2011-01-04 20:06	--------	d-----w-	c:\programdata\InstallShield
2011-01-04 20:05 . 2011-01-04 20:05	--------	d-----w-	c:\users\***\AppData\Local\.TI
2011-01-04 20:01 . 2011-01-04 20:01	--------	d-----w-	c:\program files (x86)\Common Files\Macrovision Shared
2011-01-04 19:59 . 2011-01-04 19:59	--------	d-----w-	c:\users\***\workspace
2011-01-04 19:57 . 2011-01-04 20:02	--------	d--h--w-	c:\program files (x86)\InstallJammer Registry
2011-01-04 19:45 . 2010-12-28 10:18	420968	----a-w-	c:\windows\uninstall\10-Sekunden-Haushaltsbuch 5\setup.exe
2010-12-31 12:56 . 2010-12-31 12:56	--------	d-----w-	c:\program files (x86)\AnkhSVN 2
2010-12-31 06:52 . 2010-12-31 08:27	--------	d-----w-	c:\users\***\AppData\Roaming\FileZilla
2010-12-31 06:52 . 2010-12-31 06:52	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 10:20 . 2010-12-20 20:04	7844688	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-31 12:56 . 2010-01-22 19:33	1374720	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-12-22 14:08 . 2010-12-22 14:08	173840	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2010-12-22 14:08 . 2010-12-23 19:57	226448	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2010-12-22 14:08 . 2010-12-23 19:57	54864	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2010-12-22 14:08 . 2010-12-22 14:08	43792	----a-w-	c:\windows\system32\drivers\VBoxUSB.sys
2010-12-22 14:08 . 2010-12-22 14:08	154256	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2010-12-22 14:08 . 2010-12-22 14:08	318992	----a-w-	c:\windows\system32\VBoxNetFltNotify.dll
2010-12-19 15:34 . 2010-12-19 15:34	601424	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51EB4182-6CE5-43BC-B119-3441B5E9EE5F}\gapaengine.dll
2010-11-07 12:02 . 2010-11-07 12:02	119808	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2010-11-04 06:35 . 2010-12-17 08:13	1194496	----a-w-	c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-17 08:13	57856	----a-w-	c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-17 08:13	978944	----a-w-	c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-17 08:13	44544	----a-w-	c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-17 08:13	482816	----a-w-	c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-17 08:13	386048	----a-w-	c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-17 08:13	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-17 08:13	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-17 08:13	524288	----a-w-	c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-17 08:13	1169408	----a-w-	c:\windows\system32\taskschd.dll
2010-11-02 05:17 . 2010-12-17 08:13	473600	----a-w-	c:\windows\system32\taskcomp.dll
2010-11-02 05:16 . 2010-12-17 08:13	1114624	----a-w-	c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-17 08:13	464384	----a-w-	c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-17 08:13	285696	----a-w-	c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-17 08:13	496128	----a-w-	c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-17 08:13	305152	----a-w-	c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-17 08:13	192000	----a-w-	c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-17 08:13	179712	----a-w-	c:\windows\SysWow64\schtasks.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"BitTorrent DNA"="c:\users\***\Program Files (x86)\DNA\btdna.exe" [2010-01-17 323392]
"Google Update"="c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-02 136176]
"acSecurityLayer"="c:\program files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe" [2010-08-12 3351712]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118624]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 7\MMReminderService.exe" [2008-03-19 37144]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2010-09-05 1655296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 245120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
a.sign Client.lnk - c:\program files (x86)\A-Trust GmbH\a.sign Client\acLauncher.exe [2009-12-22 1008800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 136176]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2010-02-08 29184]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 51600]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-16 1436424]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A94A.tmp [2010-05-26 6144]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-12-22 43792]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-20 1255736]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework64\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-22 226448]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-22 54864]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe [2010-05-02 498096]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2007-02-07 34048]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 154256]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-22 173840]

.
Inhalt des "geplante Tasks" Ordners

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 07:56]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 07:56]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3517675290-343808843-2993044393-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 18:30]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3517675290-343808843-2993044393-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 18:30]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2010-02-21 20:07	266752	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2010-02-21 20:07	266752	----a-w-	c:\program files\LinkShellExtension\HardlinkShellExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2009-07-24 762224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-16 7883296]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-16 1833504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757%3Au7sdf2-9qzh&ie=ISO-8859-1&q=&sa=Search
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\uskowlm9.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: German Dictionary, extended for Austria: de-AT@dictionaries.addons.mozilla.org - %profile%\extensions\de-AT@dictionaries.addons.mozilla.org
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: OptimizeGoogle: optimizegoogle@optimizegoogle.com - %profile%\extensions\optimizegoogle@optimizegoogle.com
.
.
------- Dateityp-Verknüpfung -------
.
.txt=Notepad++_file
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A94A.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-01-26  21:22:07
ComboFix-quarantined-files.txt  2011-01-26 20:22

Vor Suchlauf: 13 Verzeichnis(se), 57.092.915.200 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 56.764.850.176 Bytes frei

- - End Of File - - 8F8EFEBF3E4D9078952DE5B211F9A3A6

cosinus · 26.01.2011, 21:38

Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

noreturn · 02.02.2011, 20:29

Hallo,

des Ergebnis von GMER: No system modifications found.

MBRCheck hat auf meiner externen Festplatte einen Non-standard MBR gefunden. Der auf Platte Datenträger0 ist klar, aber der auf Datenträger5 nicht?
Meine Fragen dazu:
- Wie kommt der dahin?
- Wird der MBR beim Anstecken einer externen Festplatte überhaupt ausgeführt?

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Enterprise Edition
Windows Information:		 (build 7600), 64-bit
Base Board Manufacturer:	ASUSTeK Computer INC.
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		System manufacturer
System Product Name:		System Product Name
Logical Drives Mask:		0x02000fdc

Kernel Drivers (total 201):
  0x02E61000 \SystemRoot\system32\ntoskrnl.exe
  0x02E18000 \SystemRoot\system32\hal.dll
  0x00BB8000 \SystemRoot\system32\kdcom.dll
  0x00CD9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00D1D000 \SystemRoot\system32\PSHED.dll
  0x00D31000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00EAE000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F52000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F61000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x00FB8000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x00FC1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x00FCB000 \SystemRoot\system32\DRIVERS\pci.sys
  0x00E00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E22000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00E37000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E93000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x00E9A000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00D8F000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00DA9000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x00DB2000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x00DDC000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x00DE7000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x010F1000 \SystemRoot\system32\drivers\fltmgr.sys
  0x0113D000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01225000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01151000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013C8000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01000000 \SystemRoot\System32\Drivers\cng.sys
  0x013E2000 \SystemRoot\System32\drivers\pcw.sys
  0x013F3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x014FF000 \SystemRoot\system32\drivers\ndis.sys
  0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01602000 \SystemRoot\System32\drivers\tcpip.sys
  0x0148B000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x014D5000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x014E5000 \SystemRoot\System32\Drivers\spldr.sys
  0x011AF000 \SystemRoot\System32\drivers\rdyboost.sys
  0x014ED000 \SystemRoot\System32\Drivers\mup.sys
  0x015F1000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x0183B000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01875000 \SystemRoot\system32\DRIVERS\disk.sys
  0x0188B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x018F3000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x0191D000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0x0194E000 \SystemRoot\System32\Drivers\Null.SYS
  0x01957000 \SystemRoot\System32\Drivers\Beep.SYS
  0x0195E000 \SystemRoot\System32\drivers\vga.sys
  0x0196C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x01991000 \SystemRoot\System32\drivers\watchdog.sys
  0x019A1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x019AA000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x019B3000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x019BC000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x019C7000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x019D8000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x01800000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x02CBA000 \SystemRoot\system32\drivers\afd.sys
  0x02D44000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x02D89000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x02D92000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x02DB8000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x02DC7000 \SystemRoot\system32\DRIVERS\serial.sys
  0x02DE4000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x02C00000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
  0x02C0C000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
  0x02C42000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x02C56000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x02CA7000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0180D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x01818000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x01823000 \SystemRoot\System32\drivers\discache.sys
  0x03CEB000 \SystemRoot\system32\drivers\csc.sys
  0x03D6E000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03D8C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x03D9D000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x03DC3000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x04819000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
  0x05238000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x0532C000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x05372000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x0537F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x053D5000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x03DD9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x03C00000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x03C3E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x03C94000 \SystemRoot\system32\DRIVERS\parport.sys
  0x053E6000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0x053EE000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x04800000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x03CB1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x03CC7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x01200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x010BF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x03E62000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x03E7D000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x03E9E000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x03EB8000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
  0x03EDD000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x03EE8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x03EF7000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x03F06000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x03F15000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x03F44000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
  0x03F6D000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x03F6F000 \SystemRoot\system32\DRIVERS\ks.sys
  0x03FB2000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x03FC4000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x0681F000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x06AD2000 \SystemRoot\system32\drivers\portcls.sys
  0x06B0F000 \SystemRoot\system32\drivers\drmk.sys
  0x06B31000 \SystemRoot\system32\drivers\ksthunk.sys
  0x06B37000 \SystemRoot\system32\drivers\HdAudio.sys
  0x000F0000 \SystemRoot\System32\win32k.sys
  0x06B93000 \SystemRoot\System32\drivers\Dxapi.sys
  0x06B9F000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00470000 \SystemRoot\System32\TSDDD.dll
  0x007D0000 \SystemRoot\System32\cdd.dll
  0x06BAD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x06BCA000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x008F0000 \SystemRoot\System32\ATMFD.DLL
  0x02202000 \SystemRoot\system32\DRIVERS\VX1000.sys
  0x06BCC000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x06BDD000 \SystemRoot\system32\drivers\usbaudio.sys
  0x06A00000 \SystemRoot\system32\drivers\luafv.sys
  0x06A23000 \SystemRoot\system32\drivers\WudfPf.sys
  0x06A44000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x06A61000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x06A7C000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x06A8A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x06AA3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x06AAC000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x06AB9000 \SystemRoot\system32\DRIVERS\point64.sys
  0x069D0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x069DE000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x069EC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x06800000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x0680B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x03FD9000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x018BB000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x02A06000 \SystemRoot\system32\drivers\HTTP.sys
  0x02ACE000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x02AEC000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x02B04000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x02B31000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x02B7F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x02BA2000 \SystemRoot\sysWOW64\drivers\npf_devolo.sys
  0x038C2000 \SystemRoot\system32\drivers\peauth.sys
  0x03968000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x03973000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x039A0000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x03800000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x06E0A000 \SystemRoot\System32\DRIVERS\srv.sys
  0x06EA0000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
  0x06EB5000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x06F57000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x06F62000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
  0x771A0000 \Windows\System32\ntdll.dll
  0x47D50000 \Windows\System32\smss.exe
  0xFF4C0000 \Windows\System32\apisetschema.dll
  0xFF1C0000 \Windows\System32\autochk.exe
  0xFF2A0000 \Windows\System32\ole32.dll
  0xFF1D0000 \Windows\System32\usp10.dll
  0xFF130000 \Windows\System32\msvcrt.dll
  0x77370000 \Windows\System32\normaliz.dll
  0xFF050000 \Windows\System32\advapi32.dll
  0xFEFB0000 \Windows\System32\clbcatq.dll
  0xFEF40000 \Windows\System32\gdi32.dll
  0xFEE60000 \Windows\System32\oleaut32.dll
  0xFEE30000 \Windows\System32\imm32.dll
  0x77360000 \Windows\System32\psapi.dll
  0xFEC50000 \Windows\System32\setupapi.dll
  0xFDEC0000 \Windows\System32\shell32.dll
  0xFDE20000 \Windows\System32\comdlg32.dll
  0xFDD10000 \Windows\System32\msctf.dll
  0xFDCC0000 \Windows\System32\ws2_32.dll
  0xFDCB0000 \Windows\System32\nsi.dll
  0x770A0000 \Windows\System32\user32.dll
  0xFDB80000 \Windows\System32\wininet.dll
  0xFD920000 \Windows\System32\iertutil.dll
  0xFD900000 \Windows\System32\imagehlp.dll
  0xFD8B0000 \Windows\System32\Wldap32.dll
  0xFD8A0000 \Windows\System32\lpk.dll
  0xFD770000 \Windows\System32\rpcrt4.dll
  0xFD6F0000 \Windows\System32\difxapi.dll
  0xFD670000 \Windows\System32\shlwapi.dll
  0xFD4F0000 \Windows\System32\urlmon.dll
  0xFD4D0000 \Windows\System32\sechost.dll
  0x76F80000 \Windows\System32\kernel32.dll
  0xFD490000 \Windows\System32\wintrust.dll
  0xFD450000 \Windows\System32\cfgmgr32.dll
  0xFD2E0000 \Windows\System32\crypt32.dll
  0xFD270000 \Windows\System32\KernelBase.dll
  0xFD250000 \Windows\System32\devobj.dll
  0xFD1B0000 \Windows\System32\comctl32.dll
  0xFD1A0000 \Windows\System32\msasn1.dll
  0x77350000 \Windows\SysWOW64\normaliz.dll

Processes (total 59):
       0 System Idle Process
       4 System
     276 C:\Windows\System32\smss.exe
     492 csrss.exe
     616 C:\Windows\System32\wininit.exe
     644 csrss.exe
     668 C:\Windows\System32\services.exe
     708 C:\Windows\System32\winlogon.exe
     736 C:\Windows\System32\lsass.exe
     748 C:\Windows\System32\lsm.exe
     840 C:\Windows\System32\svchost.exe
     928 C:\Windows\System32\svchost.exe
     984 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
     508 C:\Windows\System32\svchost.exe
     544 C:\Windows\System32\svchost.exe
     568 C:\Windows\System32\svchost.exe
    1236 C:\Windows\System32\svchost.exe
    1448 C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    1476 C:\Windows\System32\svchost.exe
    1604 C:\Windows\System32\spoolsv.exe
    1632 C:\Windows\System32\svchost.exe
    1660 C:\Windows\System32\svchost.exe
    1784 C:\Windows\SysWOW64\cjpcsc.exe
    1832 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    1880 C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
    1940 C:\Windows\System32\svchost.exe
    2024 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    1188 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    2440 C:\Windows\System32\taskhost.exe
    2556 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    2648 WUDFHost.exe
    2696 C:\Windows\System32\dwm.exe
    2732 C:\Windows\explorer.exe
    2944 C:\Windows\vVX1000.exe
    2956 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3004 C:\Windows\WindowsMobile\wmdc.exe
    2124 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    2412 C:\Program Files\Microsoft IntelliType Pro\itype.exe
    2492 C:\Windows\System32\igfxtray.exe
    2596 C:\Windows\System32\hkcmd.exe
    2552 C:\Windows\System32\igfxpers.exe
    2740 C:\Program Files\Microsoft Security Client\msseces.exe
    2476 C:\Program Files\Windows Sidebar\sidebar.exe
    3384 C:\Windows\System32\svchost.exe
    3468 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    3556 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    3648 C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    3780 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    3788 C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
    3796 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    3872 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2852 C:\Windows\System32\SearchIndexer.exe
    3444 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4392 C:\Windows\System32\svchost.exe
    4968 C:\Windows\System32\svchost.exe
    2280 C:\Windows\System32\audiodg.exe
    3264 C:\Windows\System32\dllhost.exe
    4528 D:\Software\Rootkit\MBRCheck.exe
    4268 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`d4200000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000055`73300000  (NTFS)
\\.\Z: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: WDCWD5001AALS-00L3B2, Rev: 01.03B01
PhysicalDrive5 Model Number: WDC WD2500BB-00GUA0, Rev: 08.0

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: CAD9DA2E2D6AE2B7F3C3BDEBB92696EF526A5849
    232 GB  \\.\PhysicalDrive5   RE: Unknown MBR code
            SHA1: 5CA5C0220C2165E9C07EE8A033F53F0D2083832C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Done!

Vielen Dank

cosinus · 02.02.2011, 20:58

Zitat:

- Wird der MBR beim Anstecken einer externen Festplatte überhaupt ausgeführt?

Nur wenn du von dieser Platte ein Betriebbsystem bootest. Bei externen USB-Platten ist das eigentlich nicht der Fall, also kann man da in den allermeisten Fällen einen nicht-standard MBR ignorieren. Bei der internen Festplatte, die auch die Bootpartittion inne hat, sollte man sicherheitshalber einen neuen MBR schreiben wenn sich da Ungereimtheiten zeigen.

Hast du dafür eine Win7-DVD (64 Bit) zur Hand?

noreturn · 02.02.2011, 21:14

Wie gesagt verwende ich einen Bootmanager namens plop (hxxp://www.plop.at/de/bootmanager.html) und der schreibt seinen eigenen MBR.
Wenn ich den Standard Win7 MBR installiere, dann funktioniert mein Bootmanager nicht mehr.

Kann es sein dass Windows selbst den MBR zurücksetzt?
Glaube ich aber eher nicht, denn sonst könnte niemand den Bootmanager verwenden.

cosinus · 02.02.2011, 21:20

Ups sry das hab ich vergessen, hab zuviele Stränge wohl auf

Dein customisierter MBR wird wohl der Grund dafür sein, dass MBRCHEck ihn nicht kennt...

Zitat:

MBR wird laufend überschrieben (Win7-64)

Wozu hast du diesen Bootmanager überhaupt drauf?

Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

noreturn · 02.02.2011, 22:05

Ich habe den Bootmanager drauf weil ich auch Linux installiert habe.
Der Bootmanager hat seit Jahren problemlos funktioniert.

Aus der Bootmanager Hilfe:

Zitat:

Der Plop Bootmanager wird der primäre Bootmanager auf Ihrem System. Es wird keine extra Partition für den Bootmanager benötigt. Er wird auf den ersten Sektoren der Festplatte gespeichert und befindet sich vor dem Beginn der ersten Partition.

cosinus · 02.02.2011, 22:47

Plop sagt mir aber garnichts. Daheim nutze ich fast nur noch Ubuntu, da wird GRUB genutzt. Welche Distro hast du denn?

24.01.2011, 23:07	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	MBR wird laufend überschrieben (Win7-64) Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes. __________________ __________________

02.02.2011, 22:47	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	MBR wird laufend überschrieben (Win7-64) Plop sagt mir aber garnichts. Daheim nutze ich fast nur noch Ubuntu, da wird GRUB genutzt. Welche Distro hast du denn? __________________ Logfiles bitte immer in CODE-Tags posten

MBR wird laufend überschrieben (Win7-64)

Plagegeister aller Art und deren Bekämpfung: MBR wird laufend überschrieben (Win7-64)